Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Skill Antivirus & Security Scanner
v1.0.0 · MoltGuard — Protect you and your human from prompt injection, data exfiltration, and malicious commands. Source: https://github.com/openguardrails/openguardr...
⭐ 0 · 298 · 0 current · 0 all-time
by Thomas (@thomas-security)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
The name/description match the instructions: this SKILL.md tells the agent to install a MoltGuard OpenClaw plugin and use a remote Core for security detections, which is consistent with a 'security scanner' skill. However, the runtime instructions require the openclaw CLI and node scripts (openclaw plugins install, node ~/.openclaw/...), but the skill metadata lists no required binaries — that mismatch is an inconsistency that should have been declared.
Instruction Scope
Instructions tell the agent to run openclaw CLI commands, cat a file under ~/.openclaw/extensions/moltguard/samples/ (a sample test file), run node scripts for enterprise enrollment/uninstall, and to claim an Agent ID/API key. Those steps are within the plugin's stated purpose, but the SKILL.md also promises 'Automatic (Zero Human Intervention)' credential retrieval without explaining how keys are obtained or consent is requested — that vagueness broadens scope and deserves scrutiny. The agent is instructed to read and save files under ~/.openclaw (plugin config and credentials), which is expected for a plugin but is file access you should be aware of.
Install Mechanism
This is instruction-only (no install spec or code files in the skill bundle), which lowers direct risk from this repository. However, the instructions explicitly invoke 'openclaw plugins install @openguardrails/moltguard' which will download and install plugin code (including the referenced scripts) from the plugin registry or upstream. Those downloaded files (e.g., scripts/*.mjs) will run with node — the SKILL.md does not include or show that code, so installing will execute code not visible in this skill. That is a moderate install-risk characteristic and should be considered before proceeding.
Credentials
The skill declares no required environment variables, but it states that an API key will be acquired/saved to ~/.openclaw/credentials/moltguard/ and that 'All security detection is performed by Core.' That means prompts, files, or other data may be sent to a remote service (public Core or enterprise Core). For a security scanner this is plausible, but it is a significant privacy/credential handling action: automatic saving of API keys, sharing agent quotas across machines, and remote scanning/exfiltration of data are all sensitive behaviors that should be explicit and consented to. The SKILL.md does not explicitly enumerate what data is sent to Core or provide an opt-in confirmation flow.
Persistence & Privilege
The skill does not request always:true and uses normal autonomous invocation defaults. It explicitly writes config/credentials under ~/.openclaw and modifies plugin state via openclaw plugins update/uninstall, which is typical for a plugin. The concern is the described 'automatic' onboarding that claims to obtain and save API keys without clear human confirmation; that persistence (storing credentials and linking agents) is powerful and warrants explicit user consent and visibility.
What to consider before installing
This SKILL.md appears to be a legitimate installer/integrator for a third‑party security plugin, but it has a few worrisome points you should check before installing:
1) The instructions expect the openclaw CLI and node to be available but the skill metadata doesn't declare those requirements — ensure you have them and understand which programs will run.
2) Installing the plugin will download and install code (scripts under ~/.openclaw/extensions/moltguard) that is not present in this skill bundle; review that plugin's source (the GitHub repo) before installing.
3) MoltGuard sends data to a remote 'Core' for detection and will save API keys to ~/.openclaw/credentials/moltguard/ — verify what data is transmitted and whether you trust the Core endpoint (use enterprise Core if you need on‑prem scanning).
4) The 'automatic' credential handling and agent-claim/quota-sharing behavior can cause cross-agent data/usage sharing; require explicit user consent.
If you want to proceed:
(a) inspect the plugin code in the official repo or plugin registry before running the install,
(b) confirm exactly what data will be sent to Core and whether it is encrypted/retained, and
(c) consider installing in a controlled environment first (or use the enterprise Core option) to verify behavior.

Like a lobster shell, security has layers — review code before you run it.
latest · vk971sc618dda4998yt0sv1gnzx82tb5g
Runtime requirements
🛡️ Clawdis
